Re: Problems with SURBL and catching stuff..
On Tuesday, November 2, 2004, 1:35:26 PM, Matt Matt wrote: Perhaps someone can help here. I have recently added the SURBL functionality to my SpamAssassin installation, and things seem to work wonderfully. However, we do on a fairly regular basis seem to be the first to get hit with the spam. What I mean is that spamassassin will catch it only scoring around 2.3 or so.. based on mostly images and HTML, but won't get the URL or score it past 5 points.A few hours later if I run the URL through an e-mail it will come up [SPAM]. There is always some latency in getting new data into any RBL, whether it's based on data from traps, reporting, or manual lists. There's also a little internal latency in processing, DNS updates and propagation, etc. We're reducing the lag in SURBLs, and generally it should be not be as long as hours. If you have spam that's not yet detected in SURBLs: 1. Report it to SpamCop. SpamCop spamvertised site data feeds into sc.surbl.org with some munging. I report spam that gets through to me using SpamCop. 2. Report it at the SARE site: http://www.rulesemporium.com/cgi-bin/uribl.cgi 3. If you have a large spam corpus or feed, talk to me or Bill Stearns and we'll see if we can perhaps do more with it. Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/
Re: Problems with SURBL and catching stuff..
I figured as much (that the messages just weren't in the SURBL lists, but I'd still like to find a way to mark them =) Here attached is one that looks alot like the ones that come through (my apologies... clean your eyes out with soap afterwards). This account that received it is kinda a 'spam trap' but still it should be marked I'd think? really nasty email.msg Description: Binary data
Re: Problems with SURBL and catching stuff..
On Wednesday, November 3, 2004, 4:45:24 AM, Matt Matt wrote: I figured as much (that the messages just weren't in the SURBL lists, but I'd still like to find a way to mark them =) Here attached is one that looks alot like the ones that come through (my apologies... clean your eyes out with soap afterwards). This account that received it is kinda a 'spam trap' but still it should be marked I'd think? Yes, please report these. Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/
Re: Problems with SURBL and catching stuff..
I'll be more then h appy to report them, but is there anything we can do to get spamassassin to detect them more? On Wed, 3 Nov 2004 04:51:21 -0800, Jeff Chan [EMAIL PROTECTED] wrote: On Wednesday, November 3, 2004, 4:45:24 AM, Matt Matt wrote: I figured as much (that the messages just weren't in the SURBL lists, but I'd still like to find a way to mark them =) Here attached is one that looks alot like the ones that come through (my apologies... clean your eyes out with soap afterwards). This account that received it is kinda a 'spam trap' but still it should be marked I'd think? Yes, please report these. Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/
Re: Problems with SURBL and catching stuff..
On Wednesday, November 3, 2004, 5:09:24 AM, Matt Matt wrote: I'll be more then h appy to report them, but is there anything we can do to get spamassassin to detect them more? I'm not sure I understand what you mean by more. If they get into SURBLs, they will be detected by SpamAssassin installations with SURBLs active. Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/
Re: Problems with SURBL and catching stuff..
On Wednesday, November 3, 2004, 5:30:08 AM, Matt Matt wrote: Right.. and rightly they are.. What I'm wondering is.. is there anyway to get spamassassin to detect characteristics of these spams so as to mark them when we are the 'first hit' before they get into the SURBLs... obviously someone has to be first, so spamassassin may not mark them as spam. That's what I'm getting at. Once they get into SURBLs they work (and wonderfully I might add), but for that brief time period when we seem to get hammered with spams that seems to be BEFORE they are in the SURBLs, are there any rulesets, etc that might help spamassassin with the detection of these 'image' only spams? There probably are; I'll let the folks who work with rules address that. Jeff C. -- Jeff Chan mailto:[EMAIL PROTECTED] http://www.surbl.org/
RE: Problems with SURBL and catching stuff..
Hi Matt, I've mentioned this before as well. This spammer is really good at not hitting most of the stock rules. We get hit with about a dozen of them before the SURBL's catch on. To catch them all the time, make sure you are using 70_sare_html1.cf from rulesemporium.com. Add to your local.cf score SARE_HTML_A_HIDE 5.0 (or whatever you are using for the spam score) He always hits this rule. I've had no false positives by making this change. Hope this helps! Shawn -Original Message- From: Matt [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 02, 2004 4:35 PM To: users@spamassassin.apache.org Subject: Problems with SURBL and catching stuff.. Hi, Perhaps someone can help here. I have recently added the SURBL functionality to my SpamAssassin installation, and things seem to work wonderfully. However, we do on a fairly regular basis seem to be the first to get hit with the spam. What I mean is that spamassassin will catch it only scoring around 2.3 or so.. based on mostly images and HTML, but won't get the URL or score it past 5 points.A few hours later if I run the URL through an e-mail it will come up [SPAM]. Any suggestions how to get these mails marked as spam ? I don't want to set my score criterion too low to avoid FPs.
Problems with SURBL and catching stuff..
Hi, Perhaps someone can help here. I have recently added the SURBL functionality to my SpamAssassin installation, and things seem to work wonderfully. However, we do on a fairly regular basis seem to be the first to get hit with the spam. What I mean is that spamassassin will catch it only scoring around 2.3 or so.. based on mostly images and HTML, but won't get the URL or score it past 5 points.A few hours later if I run the URL through an e-mail it will come up [SPAM]. Any suggestions how to get these mails marked as spam ? I don't want to set my score criterion too low to avoid FPs.
Re: Problems with SURBL and catching stuff..
Hi! Perhaps someone can help here. I have recently added the SURBL functionality to my SpamAssassin installation, and things seem to work wonderfully. However, we do on a fairly regular basis seem to be the first to get hit with the spam. What I mean is that spamassassin will catch it only scoring around 2.3 or so.. based on mostly images and HTML, but won't get the URL or score it past 5 points.A few hours later if I run the URL through an e-mail it will come up [SPAM]. Any suggestions how to get these mails marked as spam ? I don't want to set my score criterion too low to avoid FPs. Most likely the URL is added to SURBL later on ? Bye, Raymond.
